Posted
by
samzenpus
on Wednesday December 29, 2010 @05:19PM
from the forever-is-a-long-time dept.

ReportedlyWorking writes "It appears that Sony's PS3 has been fatally compromised. At the Chaos Communication Congress in Berlin, a team named 'fail0verflow' revealed that they had calculated the Private Keys, which would let them or anyone else generate signed software for the PS3. Additionally, they also claim to have a method of jailbreaking the PS3 without the use of a Dongle, which is the current method. If all these statements are true, this opens the door to custom firmware, and homebrew software. Assuming that Sony doesn't take radical action and invalidate their private keys, this could mean that Jailbreaking is viable on all PS3, regardless of their firmware! From the article: 'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system. The other major feat, was calculating the public private keys (due to botched security), giving users the ability to sign their own SELFs. Following this, the team declared Sony's security to be EPIC FAIL!'"

Is it really necessary for everybody to talk like complete dicks nowadays?

To be honest I'm not sure how you can call Sony security a failure. As far as popular consumer devices go, the PS3 lasted for eons. I am both a Sony and Apple fanboy (somewhat), and have to laugh at the hours (literally) it takes any Apple product to be cracked while Sony (as dysfunctional as any company there is) makes a product that lasts for years.
Cracking the keys was inevitable, but Sony should be recognized for making it more difficult than anyone else:)
I still sit on the side of the fence where the damn thing should have been open from the get-go...but meh

I get the impression that the moderate openness of the PS3 at release was exactly what did preserve its uncracked status for so long. As soon as they locked out the 'Other OS' option, they pissed off the precise segment of the userbase who also have the skill to crack any subsequent security improvements.

Having followed the finest Slashdot tradition and only read TFA after posting, it appears that there was truth in my speculation. Fail0verflow [fail0verflow.com], the group that found the keys, posted on twitter [twitter.com] that "we only started looking at the ps3 after otheros was killed.". That means they did this in nine months.

Only if they completely ignored all knowledge of the PS3 discovered before 9 months ago, which I highly doubt. Granted, it probably wouldn't have taken them the 4 years to crack it if they had interest from the start, but to complete ignore the 3 intervening years, you have to assume they gained nothing from those 3 years at all on any front. It is a disingenuous claim.

Okay, I'll give you 12 months. The difference is negligible. The techniques used to root the PS3 are so fundamental and well-known that it was largely a matter of trying them out. There was nothing revolutionary here, it was just a matter of people with sufficient expertise and resources becoming motivated to spend the time to do the necessary work.

The point remains: working with your users diminishes their motivation to work against you. Minimizing the artificial constraints placed on what users can do with the device they purchased means that huge swaths of people who might be motivated to reverse engineer your safeguards won't need to. The community relationship will be improved, new uses for the hardware that you didn't anticipate will be found.

When you can improve sales and customer relations while simultaneously lengthening the lifetime of your product as a DRM device, well, it seems like it would be a relatively simple decision. The net effect is to attract and retain customers both at a consumer and industry level. Consumers get a more versatile device - and equally important, respect. Developers get stronger and longer-lasting DRM and a larger and more robust consumer base. Everybody wins.

And that's the problem. I'll describe the mentality with which you are dealing when you speak of corporations that want to control what can be done with a device post-sale: "it is not enough for me to win -- someone else must also lose." They are not interested in finding the balance of which you speak.

The corporations own most of our legal system and media. I'm glad for these cracker groups. They're just about the only remaining check against them that seems to actually work.

George Hotz ("geohot") tried his hand at it, given that he had been rather successful at cracking Apple's iStuff. He found an exploit that gave hypervisor access, and in response, Sony removed OtherOS in a firmware update, as geohot's hack required use of OtherOS.

So this can all be traced back to geohot getting involved... though in my opinion, Sony shouldn't have responded by removing OtherOS, causing all the collateral damage. It inevitably was going to result in a lot of really serious people getting involved and, by extension, more stories like this.

I'm one of those guys, and the summary is so terrible it's not even funny. Please watch the recording of the talk before you form an opinion; the reporting on this one is pretty terrible. Especially the "overflowing the bootup NOR flash". I don't even know what that's supposed to mean.

The PS3 security system really is horrible. Most of it is effectively useless because it can be worked around or breaking it is not necessary, and the signature screwup is basically inexcusable. We aren't calling it "Epic Fail" for one or two holes, we're calling it "Epic Fail" because as a whole it's a complete clusterfuck and there are many fundamental design holes and more than enough evidence that the developers responsible for it were not qualified to design a security system or write its code (e.g. clearly they didn't employ a proper cryptographer). It's also a reference to our Wii talk (which was subtitled "Wii Fail") because we consider the PS3's security to be a hell of a lot worse, design-wise.

For those that dont know, this guy (among others of course) has been integral to opening up the Wii and now the PS3 for homebrew.Very interesting writer too, explains on his website much of the details of working around the various "fixes" Nintendo applied to try and close the holes in their code.He is definitely not an asshole, and those of us who care about openness on these consoles (or just enjoy running homebrew on them) owe a lot to him and the teams he works with.

I saw the whole video. I agree that it's fail, but I find this comment simply fucking baffling.

Didn't you guys release the Twilight Princess Wii hack? The one with the buffer overflow in the damn horse's name?

The PS3 gets a lot of shit right. It doesn't trust the optical drive(bye bye firmware mods ala 360/Wii), it properly implements the NX bit in userspace(bye bye buffer save game/TIFF overflow exploits ala PSP, Xbox and Wii) and while the fact that they're not randomizing the encryption is incredibly

while the fact that they're not randomizing the encryption is incredibly bad, it's not epic fail

A signer screwup that leaks their private key is not epic fail? This is probably the first time in embedded system security that someone has fucked up public key crypto this badly.

For epic fail, we go to the Xbox 360 which has a damn JTAG pinout exposed to the world on the fucking motherboard(runner up: Xbox pogo pins).

So does the PS3. JTAG doesn't mean anything if it's disabled, which it normally is, on both consoles (actually, we suspect it might be enabled on the PS3 but you probably can't do anything interesting with it). The Xbox 360 security design is a lot better than the PS3's. They had a few minor holes. The PS3 is completely messed up. The 360 has better revocation, better encryption, secure memory, a simpler and more effective security design, and a better implementation.

Also, why didn't you guys list sjeep's Independence Exploit for PS2 that came out in 2002 or so? It didn't directly enable piracy(although when HDloader got dumped into ELF format it sure did).

That came a lot later than modchips (which already enabled homebrew and piracy equally, since there's no PKI), and the slide was already overcrowded so it didn't make much sense.

Honestly, it's perfectly possible to engineer the signature randomization failure deliberately (it would certainly be very easy to botch a signer like this and make it look like a bug, see the Underhanded C Contest for similar examples), but I think it's extremely unlikely that something like this actually happened. Never attribute to malice that which can be adequately explained by stupidity. Especially considering the rest of the security is messed up in ways that clearly indicate they just didn't know what they were doing.

I think that the "epic fail" part isn't the overall security of the PS3(which has generally been a pretty good sinister representative of the dystopian "trusted computing" future); but the fact that they somehow managed to build a code-signing verification mechanism that allowed their private key to be computed by an outside party.

Assymetric key crypto is supposed to be(barring serious implementation failures or incredible algorithmic/technological breakthroughs) such that you should be able to verify that a private key was used to sign something with nothing more than the public key, from which the private key should be computable only in a time longer than the lifespan of the universe's remaining protons. That is the part that they apparently managed to fuck up. In terms of generally being a tough nut to crack, Sony did a pretty decent job. However, if TFA is true and not misleading, they failed to implement an absolutely foundational part of practical cryptography properly...

The "epic" part really came about due to the completely inexcusable ECDSA signature screwup. We were left speechless by that one. However, as a whole, the entire PS3 architecture is terrible. Especially after breaking it open and properly analyzing it and finding a ton of screwups (many critical), there is absolutely no doubt in our mind that the sole reason why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system (that, and maybe hype around their hypervisor and isolated SPE security, both of which turned out to be terribly bad). If you watch the talk you'll actually see that we make this point clear and address the time-to-hack of the PS3. Given our experience and what we've learned from people who work on console hacks, almost nobody tried until OtherOS was removed, so the only valid measurement for "time to hack", as a strength-of-security measure, is the time since OtherOS was removed (9-12 months or so).

why the PS3 lasted this far is because OtherOS kept all the competent people happy enough not to try to break into the system

Really? people haven't been trying to get to accelerated video in linux on the ps3? Or access to the GameOS FS just to tinker with it? Or piracy(Piracy was a big BIG motivator on Xbox, 360, PS2 and Wii; also Dreamcast but, the DC's security was even bigger epic fail than Sony's).

So I think that's complete bollocks.

The PS3 only went down because the first few lines of defense were pretty good... But not much else. In game save exploits like the famous GTA:LCS PSP, the Mechassault Xbox or the Twilight Princess Wii attacks weren't possible because the PS3(and 360 IIRC), unlike a Wintel system, actually properly implement the NX bit(According to Mathieulh at least, it also explains why TIFF exploits weren't being examined as well). So, bye bye that attack vector. The PS3 didn't rely on making sure that the optical drive was secure, so bye bye with that exploit(this was popular on the 360 and Wii). The PS3 also didn't expose the CPU to debug pins like the Xbox(with Pogo pins) or the Xbox 360(thanks to it's handy dandy JTAG connector).

It wasn't until we saw the big weakness with the PSJailbreak did we see the other major flaws.

Yes, I've gone to bat for Sony for locking down the PS3, but I don't think that it's wrong to fight back.

Really? people haven't been trying to get to accelerated video in linux on the ps3? Or access to the GameOS FS just to tinker with it? Or piracy(Piracy was a big BIG motivator on Xbox, 360, PS2 and Wii; also Dreamcast but, the DC's security was even bigger epic fail than Sony's).

The people who want pirates are most often not the same people who have the skills, knowledge and hankering to do hacking. Pirates usually just ride with whatever tools those hackers have created, and hackers on the other hand most

If every grain of sand on Earth were a super computer that could perform a public/private key signature check once every clock cycle (not possible, takes many cycles), and those super computers ran at 1000 times the speed of our current fastest supercomputers, it would take trillions of years to crack our current public key crypto systems (when implemented correctly -- something Sony failed to do).

The universe is estimated to be about 13.75 billion years old. One trillion years is a truly Epic timescale. Given that there are many correctly implemented public key cryptographic libraries with source code available I find that Sony did, in fact, fail on an epic scale...

These enormously large metrics are meant to drive home to laymen just how impractical it is to brute force correctly implemented public key cryptography with the hardware we have today.

In short, "Epic Fail!" is an accurate exclamation. If you disagree, I suggest you go read up on the subject of public key cryptography a bit more before making baseless claims as to the "feeb"ness of others' well informed comments (failing this, you could just troll harder).

Although the keys are kind of short (they likely will become breakable in a few decades or something like that), that has nothing to do with the screwup. They completely botched their signer so it creates correlated signatures that leak the key. The computation to get the private key takes milliseconds.

I think it should be taken into consideration that the people that worked on this were most likely (I haven't confirmed this but is usually the case) amateurs working on this stuff in their free time. I am sure that a professional crew could have accomplished this in a few days.

Are you serious or trolling?
Why is there no reason to buy PS3 titles? Do you only play Halo?

What about PS3 exclusives? Shooter, Eden, Infamous, Little Big Planet, Luminez, Uncharted 1&2?
Some of these are not just exclusives, they are games that raise the bar, shining examples of the medium taken to the next level.

Again, are you serious or trolling? Honestly, I cannot tell.

(Obligatory grammer nazi comment: You cannot capitalize the first word of your sentences but you capitalize the "PS" in "PS3"? Really?)

True, the Wii is slow. That would explain why it has sold almost twice as many units as the Xbox 360 or the PS3.

Eh? That doesn't make any sense.

The Wii *is* pretty mediocre by the standards of its contemporaries- it sold well because Nintendo came up with some innovative and original approaches to gaming, and focused more on the casual gamer, breaking away from the same old technical-advancement-is-everything, hardcore-fanboy-aimed market.

It's pretty true there, before the other OS, there weren't even known attempts, beyond one lame idiot saying he thought he might someday be able to do it through the other OS, that caused sony to go crazy and remove the other OS feature.
Before then sony had the best possible security possible for a console, give the modders an outlet, modders/homebrewers with high inteligence usually are not the same as the modders that want to sell to pirates, so you keep the smart ones busy, and the pirates won't have anyone to do their dirty work for them. You flip the finger at them and tell them they are a security risk and can no longer keep what you sold them... well expect the most determined wave of security breaks in history.

1. Take out Linux functionality to provoke hackers to unlock your PS32. Boost hardware sales from all the people buying PS3's to play pirated games, while acting innocent to your third party game developers3. ????4. PROFIT!!!

My understanding is that every PS3 game is signed with those keys. Therefore, invalidating them through a firmware update would mean that every PS3 game to date will no longer work.

They already have a list of all genuine games signed by the now compromised keys. They could potentially release an update that used new keys but also accepted the old keys provided it had signed something on the already known genuine list of games.

I don't think so. That would be prohibitively difficult to the point that I don't think they could do it. With the signing key somebody could create a new list and allow people to flash that into their system with the appropriate boot strap necessary to play new games as well.

Ding! Ding! Winnah! - the revocation list is one of the things owned by this, in fact I think it is part of the exploit used to grab the keys (lol). Go watch the vids - the last of them is the most revealing at just about the 4min mark where they use a LARGE revocation list to overwrite a buffer. http://www.youtube.com/watch?v=84WI-jSgNMQ&feature=player_detailpage#t=187s [youtube.com]

Custom firmware is coming I suspect. Pirated games will take longer, these guys did NOT get the key required to sign a game and get it

This is exactly the only possible fix. It is, however, technically quite hard to pull of for a number of reasons. I'm not at all certain that Sony will do that. They need to build a hash list of every version of every game, package, downloadable cotent, deal with shop versions and stuff like that, etc...

people who bought their PS3's before Sony manages to rush a new firmware image through the factory, and who hold back their online updates before Sony manages to rush a new one through the update system. Remember, if they can update the signing keys, they can also update the key checking code, so there's no reason the second key has to be as easily compromised as the first.

Anyone who can emancipate their PS3 in this (presumably) short window of time is gonna be able to keep their PS3 well-sto

Sony cannot permanently regain any existing PS3 with a firmware update (nor can they fix this hole trivially at all, including in new manufactured units). They can make it harder for you to install a hacked firmware on a PS3, but as of today every manufactured PS3 is vulnerable to a modchip (NOR/NAND flasher) forever.

Assuming they don't botch signing with the new key, no, we don't. The code running on the PS3 is perfectly fine (the signature verification, that is; the rest of the security is a clusterfuck). So is the way the signature is implemented. The screwup is in Sony's signer code. If they fix that and only issue safe signatures from now on, we can't compute new keys.

But because we can downgrade and due to the oracle attack on the secure SPE, this will likely not gain them much.

I did consider that possibility myself, but I don't think it can be done perfectly. They can include a list of hashes for all the big games, but think how many games there are - and then they have slight variations by version, by region, and so on. Unless they can get every publisher to send the hashes for every version of every game they have sent to the CD press, some people will find their games broken. Sony might consider that a price worth paying.

It is almost certain that the process of signing the games includes a hash generation. Usually the way these things work is that you hash the entire image, then encrypt the hash with the private key. Mainly because hashing is orders of magnitude faster than encryption. So even if Sony didn't archive a copy of every game they signed due to laziness or lack of process or they ran out of shelf-space, it would have been trivial to archive a copy of every hash that they signed.

Not that I want them to succeed; but they could always do something like:
"Consider private key X revoked, and trust nothing signed with it, unless that something has SHA1 hash equal to one of the hashes on the following list..."

The number of existing PS3 games, DLCs, etc., while not small, is finite and pretty well characterized. It would be a pain in the ass; but not fundamentally difficult, to compute the hash of each one that is tainted by the compromised key and hardcode trust of it into the same patch that otherwise nukes that key and anything signed by it.

Now, since the private keys presumably also control verification of patches, it is likely that some number of PS3s will permanently leave their control, with hacked patches applied that spoof acceptance of future patches, thus leaving them in control of their owners; but regaining control of all unsophisticated updaters and all PS3s leaving the factory from now on doesn't seem fundamentally impractical...

Nintendo had a nifty solution for the old Gameboy(/color) - code wasn't signed, but games did need to have some magic bytes in the right place. Quite a lot of magic bytes, which had to be bit-perfect. They were actually the Nintendo logo, the one displayed on the screen at the start - so for any game to execute on the GB, it absolutly has to contain the Nintendo logo. In those pre-DMCA times, Nintendo found a way to use trademark law as a way to keep unlicenced games at bay.

'Approximately a half hour in, the team revealed their new PS3 secrets, the moment we all were waiting for. One of the major highlights here was, dongle-less jailbreaking by overflowing the bootup NOR flash, giving complete control over the system.

Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.

It is impressive indeed. Though I do note that it didn't completly resist attack for four years. It just took for years to be completly, irrepairably and conveniently broken. There have been wayst o break the PS3s DRM for years, but their complexity put the beyond the ability of all but the most technologically capable users. With the code-signing cracked, it's as simple as burning an ISO.

Ok, the PS3 was launched on November 11, 2006. [wikipedia.org] Today's date is December 29, 2010. That means that it took over four years to be broken.

Compared to DVD and Blu-Ray, that is actually pretty darn good.

I was at the presentation in Berlin today. They did bring up this exact point.

Their counter argument was that people don't take into consideration that the console did support homebrew until Sony declared they'd drop that. The argument for that action was they'd save money not having to support it for their then-new PS3 Slim models, which turned out to be bullshit after hackers discovered that the Slim (with some hacking) could actually run the same Linux distros as the PS3 Fat. They then disabled OtherOS on the PS3 Fat, too.

This was 12 months ago (can't cite a source other than the slides), making it take only 12 months of actual effort for it to get cracked, as opposed to other (closed) platforms where the homebrew hacking efforts begin at day 0.

In other words, Sony has just gone and proved that the only DRM that remains unhacked is the kind that nobody cares to hack. See also: SACD.

SACD is cracked. Or at least worked around enough so that it doesn't matter.There are two hacks for SACD:

1) Physical modification of various players to extract the PCM audio after conversion from DSD, this approach is a few years old now.2) The widespread crack of HDCP enabled extraction of the original DSD audio from any HDMI equipped SACD player.

That's true. And Sony have been boasting of having the toughest DRM of all consoles.

However, it only took half a year [joystiq.com] from removing Linux support, and in that short period have had many partially successful attacks against it. Before, while they had the Linux support, such stories were remarkably rarer.

Many critics meant that the continued security of the console was partially because they allowed linux to run on it, and so many of the talented people had no reason to look closer at it. Since PS3, after four year of "DRM cracking almost never heard of" have now gone to "Completely broken" in just over half a year's time, I think they have a point there.

It's not that it was that much more secure, it's just that most of the really talented people had no reason to look into it.

Yeah, but during the first three of those four years the only reason was piracy why people would want to break it. Which is clearly not the intention of those guys. So, technically it was only twelve months since SONY removed the OtherOS mode.

The people that did this exploit/hack/whatever reportedly only chose this method of action after Sony decided to remove OtherOS support from PS3's. Their stated goal is to get Linux up and running on retail PS3s. Maybe this would've occured a lot quicker if OtherOS never existed.

Ok, the PS3 was launched on November 11, 2006. Today's date is December 29, 2010. That means that it took over four years to be broken.

Another way to look at is that on April 1st, 2010 the "other OS" option was retroactively removed from all PS3s with current firmware.That makes it 5 months from pissing off the wrong people to the first widespread jailbreak and 9 months to a permanent crack.

It was my(admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

With stuffy like HDCP, it was understood that serious tradeoffs were made in order to make the crypto cheap and fast enough that any POS $200 monitor should be able to decode an encrypted bitstream fast enough to handle the demands of uncompressed digital monitor connections. The weaknesses just came with the territory.

With something like the PS3, though, they have serious computing power available, and were dealing with a straightforward case of "verify that the code signed with private key X has indeed been thus signed, and not modified since, using public key Y, from which private key X is essentially not computable". Virtually every real-world use of cryptography depends on the ability to do that without disclosing your private key(save by malicious insider/hacker attack).

What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

I admit that I don't have a deep understanding of this stuff; but it seems like this is the equivalent of "Hey, possession of the list of trusted CAs and their public keys has allowed a hacker with a copy of firefox to compute Verisign's root signing keys!".

How did Sony fuck up such that this story is not the biggest breakthrough in cryptoanalysis since frequency analysis?

What did Sony do wrong? Obviously, they could do nothing about a suitably well-equipped hacker physically modifying a PS3 to stop it from verifying at all, or to always return "yup, all good" regardless of the verification outcome; similarly, a firmware bug could allow the same outcome without the expense of physical modification; but how could it be that they would have to put anything in their client(no matter how well hidden by hardware obfuscation/TPMs/smarcards/whatever) that could be used to compute their private key? Isn't a public key, which is a totally safe piece of data to disclose, all you need to verify whether or not something has been signed with the matching private key?

From my layman's understanding of what they did (View the actual conference footage here: http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com] ), they don't HAVE the private key. Sony made a big mistake in their key generation method, where they were supposed to use a random value for one variable, they used a static value. Because of that, you're able to generate valid signed packages without the private key.

People seem to be saying "big whoop - they just invalidate the private key for use with anything but list of titles which which they know it was signed". But did I hear him say in that video that it's possible also to calculate more private keys that are totally indistinguishable from original? Meaning that would do nothing at all to resolve that problem?

Actually, the bug wasn't in key generation, but in *signature* generation.

They were supposed to salt each signature with a different random salt (number "m"), but they didn't, they used a constant number every time.

That made the equations for computing the signatures, R and S, easily exploitable, making it possible to simply solve them and obtain the private key. Now, this isn't a computationally expensive operation, since the equations are rather simple, hence the EPIC fail: as soon as anyone realizes Sony

That last bit right there is the hard part. Making algorithms was a hard task, to be sure. It took eons before humanity had the right mathematics to make RSA possible, but that work is all done now. There isn't all that much work being done in making new crypto algorithms, because we're pretty sure the ones we have will stand up. Even a breakthrough in Quantum Computing or Complexity Theory wouldn't completely destroy everything out there. There is some work to do in hash algorithms (MD5/SHA1), but that's t

HDCP isn't really doing the same thing as Sony's code-signing, and it suffers from the DRM problem where Bob and Eve are the same person.

As you say, Sony's use case is just traditional public-key digital signatures, and should be completely immune to attack barring major advances, or compromise of the signing key. So, they are without excuse.

HDCP accomplishes a different mission. HDCP needs to allow any two random and unrelated pieces of AV equipment to talk to each other without anything in-between intercepting the communication. That means that each device must contain a keypair, and not a single key, which means that private keys are inside every HD TV sold today. If you can extract the keypair from any one of those TVs you can fully impersonate that TV which is all you need to crack the system barring key revocation, since HDCP dictates that any device trust any other device with full-quality streams unless it has a revoked key.

If you crack one TV set you break HDCP somewhat. The manufacturer can of course revoke the key and recall all TVs containing that key at considerable expense, and then re-secure the rest of the system (once the revocation fully propagates, which of course involves a lag).

The next problem with HDCP is that all the device keys are related to a master key (which is how devices can figure out if any particular keypair is a good one or not without having any prior relationship). The nature of that relationship allows the master key to be brute-forced once a sufficient number of device keys are obtained. Over time a sufficient number of device keys were obtained, and thus the master key was obtained. That makes revocation of individual devices no longer an option, and the only solution at this point is to invalidate every HDMI-sporting device out there.

The protection on BluRay had similar issues. Again, this is all DRM and it is theoretically insecure since the threat model is an attacker who has physical possession of the keys, which of course there is no mathematical defense against.

None of this applied to the PS3 - at least not regarding code authentication. Code encryption is a different story - if discs are encrypted then if you extract a private key from any valid console you can decrypt every disc out there, but you can't modify and run them without having the signing key or jailbreaking individual devices.

I'm curious as to how they did it as well. If they didn't provide details I'd be suspicious that the key wasn't simply leaked. Key management is the achilles heel of public key crypto.

I'm a little uncertain what you're asking at the end of your comment, but the key they obtained was the Isolation-mode SPU AES key.

They say at the end of their talk they do not have the LV1 OS keys, and they aren't going to work on them -- those are used to sign & verify games.

The Isolation-mode SPU AES key is used to verify loaders, and it was broken because the encrypted block is stored at a lower address than the decryption code -- and the size parameter is not verified. So the encrypted block can be overflowed to overwrite the current instruction and then the isolated SPU is under user control.

How did Sony fuck that one up?
It was my(admittedly layman's) understanding that a public/private key crypto implementation, assuming it isn't deeply flawed, using key lengths suited to the computational capacities of PDP-8s, or otherwise totally fucked, was mathematically secure against anything other than a profound breakthrough in prime factorization algorithms, an unbelievable advance in computational power, or an insider leaking your private key.

Close. These algorithms only work correctly if implemented correctly. There are various known pitfalls with each of these algorithms; for example, the original iPhone was unlocked using an RSA implementation error (Bleichenbacher attack against an RSA implementation that does not correctly validate padding and uses exponent 3). ECDSA happens to have a "pitfall" that leaks information inside the signatures it makes.

This doesn't make it a bad algorithm -- it can achieve the same security of RSA using small

The "pitfall" isn't a pitfall because it doesn't apply to correctly implemented ECDSA. As long as you use a random m for every sig, you're safe. If you reuse m just once (or you somehow let the attacker guess m, or even an incomplete part of it), you leak the private key. If anything, the only con is that ECDSA requires a random number source for signing.

This is basically just a superficially subtle screwup that turns out to have massive consequences for the security of the cryptosystem.

The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.

As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.

The DRM code has a bug that, when a certain condition happens (time passes, specially-formulated packet received, etc.), it overclocks the CPU to the point that it catches on fire. Within minutes of the event, most of the millions of PS3s in the wild have set peoples' homes ablaze.

As a result, thousands die and the insurance industry collapses. Anarchy reigns, so there's nobody to enforce copyright anymore and the original DRM is rendered irrelevant.

THAT is an epic fail.

While I tend to agree that it's not exactly an Epic Fail on Sony's part, your description goes far beyond Epic Fail... that would probably be the most Awesome Fail in the history of electronics.

Of course, the real win would be to get the Windows Update private key. That, and a BGP exploit, and you can rule the Windows world. I still consider Windows Update an unacceptable backdoor. Someday, that's going to backfire.

They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself:http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com]

They don't have Sony's signing key, from what I've read. What they have is a flaw in the key generation process, which allows them to generate valid signed packages without the private key. In fact, here's the video from the conference itself:
http://www.youtube.com/watch?v=GPjd6gHY6A4 [youtube.com]

No, GP was right. The exact signing key used by Sony may be derived from the public components of their ECDSA signatures. Not something close; not something equivalent.

What does this mean for hacks and other programs that modify program code or execute and stay resident alongside game code? Does the cracking of the keys allow custom boot loaders that will open the doors for hacking?

If so, this is a sad day. The primary reason I bought a PS3 was to play in a hack free environment.

That's all I want, badly, very badly.It's half the reason I got the PS3 when I did, XBMC was in the early stages of PS3 support, however the idiots at Sony blocked the GPU acceleration for the video so the team abandoned it once the 3D loophole was closed in linux. I don't know the full term, something along the lines of a hypervisor.Then they closed off linux all together.

I love it as a gaming machine but I wish it could match my Xbox1. The Ps3 hardware is amazing, XBMC would be brilliant on it.

The PS3 was being attacked well before OtherOS removal. When linux was available the graphics on the machine were limited to virtualization. The race was on too crack the 7 locked down SPUs. Were people successful? Mostly no, but that doesnt mean attempts havent been made. If i remember correctly, Geohot's intention was to gain access to the cores. They just happened to find an exploit to give them keys to the kingdom

Removing linux definitely brought the talent out of the woodwork, but it did not start a war

Now all they have to do is crack the "having to buy an overpriced piece of proprietary hardware that merely replicates what the PC I own can already do" part of the equation.

Crack that, and I'll be all set. Otherwise I'm not spending several hundred dollars to buy a box to take up more space simply to play software that my PC would be able to play if it weren't for someone's desire to complete control and every last dollar.

Change from a hardware/software company to a software company, and I'll use your product.

Not even all that hard, I suspect, to replace the keys. They don't need to accept all code signed with the old keys -- only the set of code signed with the old keys that they know they signed, which is a very small number compared to modern storage and computation.

True - they could update the firmware to accept the old key only for signatures that have particular hashes, and supply a list of hashes. If there are 1000 games out there for the PS3 and a hash of the signature is 20 bytes long then you only need 20kb to store the whole table - a trivial amount to include in a firmware blob.

Now, if you can get the keys needed to update the firmware that is a different matter...